Part of the query on sys_choice has been ignored because of insufficient access for 'query_match'

Go to solution
CharlieNZ
Tera Contributor

‎05-18-2025 01:29 PM

I hope this is the right place for this.

We have a user that has started getting these on each Incident they view:

Part of the query on sys_choice has been ignored because of insufficient access for 'query_match' operation on sys_choice.name
Part of the query on sys_choice has been ignored because of insufficient access for 'query_match' operation on sys_choice.inactive
Part of the query on sys_choice has been ignored because of insufficient access for 'query_match' operation on sys_choice.dependent_value
Part of the query on sys_choice has been ignored because of insufficient access for 'query_match' operation on sys_choice.element

charlesmeyer_0-1747600130406.png

 

We haven't made any changes to their account. The issue wasn't there a week ago. 

 

 

  • 2,812 Views
1 ACCEPTED SOLUTION

Go to solution
Konrad Mlodzik
Tera Expert
In response to CharlieNZ

‎05-20-2025 01:18 AM - edited ‎05-20-2025 01:39 AM

Hello @CharlieNZ 
My investigation shown that in fact, users didn't have read access to the field specified in the error message, visible in the below screenshot. All of that due to all sys_choice.* ACLs.

KonradMlodzik_0-1747728382087.png
My approach from here was to create sys_choice ACL for each of the fields that were prompted in error message, so in my case sys_choice.element and sys_choice.dependent_value.
I made them similar to the existing read ACL sys_choice.label.
Here you have an overview how I created that ACL:

KonradMlodzik_2-1747728919662.png


And as you can see here now in Access Analyzer, access is evaluated to true

KonradMlodzik_1-1747728858696.png

Try this approach with at least one of the fields from sys_choice that you have mentioned in yours error messages and see if the error still occurs. For me that works

If you can please mark that as helpful and that resolved your issue so that can help other visiting this thread 🙂

 

View solution in original post

15 REPLIES 15

Go to solution
Robert H
Mega Sage
In response to CharlieNZ

‎05-19-2025 09:47 PM

Hello @CharlieNZ ,

 

Thanks for the update. If you only have the *.* query_match ACL then it means the access is granted depending on whether the user has read access to the fields involved in the query.

 

So please check if you have any of the following ACLs for the read operation:

  • sys_choice.*
  • sys_choice.name
  • sys_choice.inactive
  • sys_choice.dependent_value
  • sys_choice.element

Most probably your affected user does not have any of the roles required by those ACLs, so you would either have to grant them one of these roles, or create a new sys_choice.* read ACL that lets the user pass.

 

Please note that updating the glide.db.encoded_query.field_acl_error_msg System Property will only hide the error message, it does not fix the user's access issue.

 

Regards,

Robert

0 Helpfuls

Go to solution
SumanthDosapati
Mega Sage
Mega Sage

‎05-18-2025 11:11 PM

@CharlieNZ 

  1. Create the following system property to prevent the errors from popping up:
  2. Name: glide.db.encoded_query.field_acl_error_msg
  3. Type: true | false
  4. Value: false

Accept the solution and mark as helpful if it does, to benefit future readers.
Regards,
Sumanth

Go to solution
SumanthDosapati
Mega Sage
Mega Sage
In response to SumanthDosapati

‎05-19-2025 10:08 PM

@CharlieNZ 

Did the above solution work? If yes, Accept the solution and mark as helpful to close the thread and benefit other readers.

Regards,
Sumanth

0 Helpfuls

Go to solution
Karla Chorny
Tera Expert
In response to SumanthDosapati

Monday

In my experience, this will eliminate the error messages, but the user still won't be able to filter the fields that were erroring before. 

0 Helpfuls

Go to solution
Konrad Mlodzik
Tera Expert
In response to Karla Chorny

Monday

Hello Karla! 

Did you maybe tried the solution I proposed? I think after that user should be able to filter the fields.

 

0 Helpfuls